CVE-2021-45046—Apache Log4j2 Deserialization of Untrusted Data Vulnerability
PUBLISHEDvulnerability record
2023-05-01 · last modified June 21, 2025
Metadata
漏洞名称
Apache Log4j2 Deserialization of Untrusted Data Vulnerability
描述
Apache Log4j2 contains a deserialization of untrusted data vulnerability due to the incomplete fix of CVE-2021-44228, where the Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations.
已知用于勒索软件活动吗?
采集行动
Apply updates per vendor instructions.